[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-announce
Subject: [SECURITY] CVE-2011-2729 Apache Commons Daemon Information disclosure
From: Mladen Turk <mturk () apache ! org>
Date: 2011-08-12 12:26:41
Message-ID: 4E451C01.6000007 () apache ! org
[Download RAW message or body]
CVE-2011-2729: Commons Daemon fails to drop capabilities
Severity: high
Vendor:
The Apache Software Foundation
Versions Affected:
Commons Daemon 1.0.3 to 1.0.6
Additionally, these vulnerabilities only occur when all of the
following are true:
a) running on Linux operating system
b) jsvc was compiled with libcap
c) -user parameter is used
Description:
Due to bug in capabilities code, jsvc does not drop capabilities
allowing the application to access files and directories owned by
superuser.
Mitigation:
Affected users of all versions can mitigate these vulnerabilities by
taking any of the following actions:
a) upgrade to a version where the vulnerabilities have been fixed
jsvc 1.0.3 - 1.0.6 users should upgrade to 1.0.7 version
b) do not use -user parameter to switch user
c) recompile the jsvc without libcap support
Example:
[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.6.jar:. -user jsvc ....
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh: 0000000000000406
CapPrm: 0000000000000406
CapEff: 0000000000000406
CapBnd: ffffffffffffffff
[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.7.jar:. -user jsvc ....
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
Credit:
This issue was identified by Wilfried Weissmann.
--
The Apache Commons Daemon Team
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@apache.org
For additional commands, e-mail: announce-help@apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic